NFS file utilization auditing with Splunk on HP-UX servers

albertoperez
Explorer

Hi,
We are working to develop a Splunk project that audits the accesses and modifications to the files stored in several folders on several HP-UX servers, published via NFS.
Our first problems are blocking the project, so I hope you can help me with these:
1. The operating system logs show the actions executed locally on the files, with relative paths, so we can't identify with certainty whether a specific file has been read / modified / deleted.
2. One alternative, bearing in mind that each record in the log can identify the associated filesystem, is mounting the folder to audit in an independent filesystem, but this idea has the inconvenience of needing this 'extra' filesystem to be constantly mounted on the monitored server. Anyway, this 'solution' only audits local access, not access via NFS.
3. On the other hand, there is a configuration parameter ('audit_track_paths') that enables the use of absolute paths, but this parameter only exists in HP-UX version 11.31, and currently the customer's servers don't have this version.
4. Finally, the audit files (not logs) on HP-UX systems are not plain text files, so we'd need some integration with Splunk that takes advantage of the script data input. In the 'audit' command man page I found several C functions that would enable me to create a script to link to a Script Data Input.

Does anybody have any experience with a similar environment / project who could help or guide me?

Thanks in advance.

albertoperez
Explorer

Nice!
This is the way. 😉
Thank you Mario.

0 Karma

MarioM
Motivator

Here: HP-UX Auditing, some information and a script about the audit logs of HP-UX servers.

0 Karma